<?php
/*
  $Id: contact_us.php,v 1.42 2003/06/12 12:17:07 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

  // BEGIN - CAPTCHA Encryption Functionality
  // Shared secret for CAP_RC4(): the six-letter code is encrypted with it,
  // base64url-encoded, and handed to the browser in the hidden set_captcha
  // field and in the captcha image URL; the same key decrypts it on submit.
  // NOTE(review): a hard-coded key in application source is the weakest place
  // to keep a secret -- anyone holding the key can recover the expected code
  // from the hidden field.  It belongs in configuration outside the web root
  // and should differ per installation.
  $captcha_encryption_key = 'BuyX0nl1n3 C4pTch4 p4ssw0rd';

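  function CAP_RC4($key, $data) {
    // RC4-style stream cipher for the CAPTCHA code.  One function serves both
    // directions: CAP_RC4($key, CAP_RC4($key, $plain)) gives back $plain.
    //
    // This is NOT standard RC4, and the keystream must stay identical to the
    // copy the captcha image script presumably uses to read its "code"
    // parameter, so the schedule below is kept as it was, quirks included:
    //   - only 255 rounds run, so state slot 255 is never initialised by the
    //     schedule (it behaves as 0 until a swap writes it);
    //   - the key byte is read one position late ((i % len) + 1), and $key is
    //     overwritten in place with the first decimal digit of each ord()
    //     value, so the effective key is a digit string derived from $key.
    // What changed: the state and accumulators are initialised explicitly
    // (the original relied on undefined variables acting as 0 / '' and
    // returned null for empty $data), and the key write stores the single
    // byte PHP kept anyway instead of the int, which removes a warning per
    // round.  Neither alters the bytes produced.
    //
    // $key  - shared secret; must be non-empty (the schedule uses i % strlen)
    // $data - bytes to encrypt or decrypt
    // Returns a string of the same length as $data ('' for empty input).
    $key_length = strlen($key);
    // Slot 255 is pre-filled with 0, which is what the original's unset entry
    // evaluated to in the arithmetic and XOR below.
    $counter = array_fill(0, 256, 0);
    for ($i = 0; $i < 255; $i++) {
      $key[$i] = substr((string)ord(substr($key, ($i % $key_length)+1, 1)), 0, 1);
      $counter[$i] = $i;
    }
    $x = 0;
    for ($i = 0; $i < 255; $i++) {
      $x = ($x + $counter[$i] + $key[$i]) % 256;
      $temp_swap = $counter[$i];
      $counter[$i] = $counter[$x];
      $counter[$x] = $temp_swap;
    }
    $a = 0;
    $j = 0;
    $Xcrypt = '';
    $data_length = strlen($data);
    for ($i = 0; $i < $data_length; $i++) {
      $a = ($a + 1) % 256;
      $j = ($j + $counter[$a]) % 256;
      $temp = $counter[$a];
      $counter[$a] = $counter[$j];
      $counter[$j] = $temp;
      $k = $counter[(($counter[$a] + $counter[$j]) % 256)];
      $Xcipher = ord(substr($data, $i, 1)) ^ $k;
      $Xcrypt .= chr($Xcipher);
    }
    return $Xcrypt;
  }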

  function urlsafe_b64encode($string) {
    // Base64 with the URL-safe alphabet: '+' becomes '-', '/' becomes '_',
    // and the '=' padding is dropped so the value survives a query string or
    // form field untouched.  urlsafe_b64decode() reverses it.
    $encoded = base64_encode($string);
    $translated = strtr($encoded, '+/', '-_');
    return rtrim($translated, '=');
  }

  function urlsafe_b64decode($string) {
    // Inverse of urlsafe_b64encode(): restore the standard alphabet, put the
    // '=' padding back up to a multiple of four characters, then decode.
    $standard = strtr($string, '-_', '+/');
    $padding = (4 - strlen($standard) % 4) % 4;
    if ($padding > 0) {
      $standard .= str_repeat('=', $padding);
    }
    return base64_decode($standard);
  }

  // END - CAPTCHA Encryption Functionality

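  // remember set captcha 
  // updated to work with register_globals on or off
  // updated to work with encryption
  //
  // $set_captcha is the encrypted code the form posts back from its hidden
  // field -- request data, so untrusted -- and $decrypted_set_captcha is its
  // plaintext.  Both are always defined after this block ('' when the field
  // is absent or not a plain string) so the send handler can read them
  // without undefined-variable warnings.  $HTTP_POST_VARS is checked first
  // as before; $_POST is the fallback because the send handler already reads
  // $_POST and the long-form arrays do not exist on current PHP unless the
  // framework recreates them.
  $set_captcha = '';
  if (isset($HTTP_POST_VARS['set_captcha']) && is_string($HTTP_POST_VARS['set_captcha'])) {
    $set_captcha = $HTTP_POST_VARS['set_captcha'];
  } elseif (isset($_POST['set_captcha']) && is_string($_POST['set_captcha'])) {
    $set_captcha = $_POST['set_captcha'];
  }
  $decrypted_set_captcha = '';
  if ($set_captcha !== '') {
    $decrypted_set_captcha = CAP_RC4($captcha_encryption_key, urlsafe_b64decode($set_captcha));
  }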
  
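  // make the character array for captcha 
  // (upper-case A-Z only: the send handler upper-cases the user's answer
  // before comparing, so the generated code has to stay in that range)
  $chars = array();
  for ($i = 65; $i <= 90; $i++) $chars[] = chr($i);

  // generate values: six random letters, kept 1-indexed in $text as before,
  // then encrypted and base64url-encoded for the hidden field and the image
  // URL.  random_int() (PHP 7+) is preferred; rand() is not a cryptographic
  // source and remains only as the fallback on older runtimes.
  $text = array();
  $last_index = count($chars) - 1;
  for ($i = 1; $i <= 6; $i++) {
    $key = function_exists('random_int') ? random_int(0, $last_index) : rand(0, $last_index);
    $text[$i] = $chars[$key];
  }
  $captcha = urlsafe_b64encode(CAP_RC4($captcha_encryption_key, implode('', $text)));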
  
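  $error = false;
  $securitycode_error = false;
  // The form submits to action=send (see tep_draw_form below).  $HTTP_GET_VARS
  // is consulted first as before; $_GET is the fallback because this block
  // already reads $_POST for the fields and the long-form arrays do not exist
  // on current PHP unless the framework recreates them.
  $action = '';
  if (isset($HTTP_GET_VARS['action'])) {
    $action = $HTTP_GET_VARS['action'];
  } elseif (isset($_GET['action'])) {
    $action = $_GET['action'];
  }
  if ($action === 'send') {
    // Mail-header hardening: name, e-mail and phone reach tep_mail() and so
    // the message headers, so line breaks are flattened to spaces and a
    // literal "Content-Type:" is removed before anything reads them.  The
    // cleaning stays in place on $_POST so later readers see the same values;
    // a missing field becomes '' rather than a warning.
    foreach (array('name', 'email', 'phone') as $header_field) {
      $raw = isset($_POST[$header_field]) ? $_POST[$header_field] : '';
      $raw = str_replace(array("\n", "\r"), ' ', $raw);
      $_POST[$header_field] = str_replace('Content-Type:', '', $raw);
    }

    $name = tep_db_prepare_input($_POST['name']);
    $email_address = tep_db_prepare_input($_POST['email']);
    $phone = tep_db_prepare_input($_POST['phone']);
    $enquiry = tep_db_prepare_input(isset($_POST['enquiry']) ? $_POST['enquiry'] : '');

    // The answer is upper-cased and encrypted exactly as the code was when the
    // form was built, so the two base64url ciphertexts can be compared as-is.
    $answer = isset($_POST['security']) ? $_POST['security'] : '';
    $security = urlsafe_b64encode(CAP_RC4($captcha_encryption_key, strtoupper(tep_db_prepare_input($answer))));

    // Expected code posted back from the hidden field, plus its plaintext;
    // both are prepared above the send handler and may be absent when the
    // field was not posted at all.
    $posted_captcha = isset($set_captcha) ? $set_captcha : '';
    $posted_plain = isset($decrypted_set_captcha) ? $decrypted_set_captcha : '';

    // Length checks are byte-wise (strlen), as before.
    if (strlen($name) < 7) {
      $error = true;

      $messageStack->add('contact', ERROR_NAME);
    }

    if (!tep_validate_email($email_address)) {
      $error = true;

      $messageStack->add('contact', ERROR_EMAIL);
    }

    if (strlen($phone) < 7) {
      $error = true;

      $messageStack->add('contact', ERROR_PHONE);
    }

    // Strict comparison: both values originate from the request, so the loose
    // == used before (and its numeric-string coercions) is avoided.
    // NOTE(review): the expected code itself travels through the client, so
    // this check is stateless; binding the code to the session with one-time
    // use would be the robust design (the comment below records the trade-off
    // the original author chose).
    if (($security === '') || ($posted_captcha !== $security)) {
      $error = true;
      $securitycode_error = true;

      $messageStack->add('contact', ERROR_SECURITY);
    }
    
    // maintain the same security code
    // updated to work with encryption
    // note: this feature could be further secured because when
    //  a correct code is entered, further form errors will have 
    //  both the encrypted code and the user entered plain text
    //  visual code in the hidden form data.  for this security
    //  application, user friendliness (this feature) and system 
    //  compatibility (not using sessions) are more important
    //  than the questionable additional security/obscurity. 
    // $posted_captcha equals our own base64url encoding at this point, so
    // $captcha stays within that alphabet when it is echoed into the form.
    if (($posted_captcha === $security) && !empty($posted_plain)) {
      $captcha = $posted_captcha;
      $security = $posted_plain;
    }

    if (!$error) {
      $email_subject = sprintf(EMAIL_SUBJECT, $name);
      $email_body = sprintf(EMAIL_INTRO, $name, $phone, $email_address) . "\n\n";

      if (tep_not_null($enquiry)) {
        $email_body .= $enquiry . "\n\n";
      }

      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $email_subject, $email_body, $name, $email_address);

      tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
    }
  }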

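  // Breadcrumb: a single "Contact Us" entry (the call was duplicated before,
  // which rendered the page title twice in the trail).
  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));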
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<?php
# Custom Javascripts
require(DIR_WS_INCLUDES . 'custom_javascript.php');
?>
</head>
<body id="page" class="font-large width-thin" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- quick menu //-->
<?php require('quickfind_header.php'); ?>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" align="center" cellspacing="0" cellpadding="0">
  <tr>
    <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="0">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
    </table></td><td>&nbsp;</td>
<!-- body_text //-->
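    <td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?>
    <?php
      // Hidden copy of the encrypted expected code.  $captcha is either the
      // value generated above or, after a submission whose answer matched,
      // the posted value that equalled our own encoding of that answer --
      // base64url text in both cases, so the escaping is a no-op today and is
      // there so a future change to how $captcha is derived cannot make this
      // attribute an injection point.
    ?>
    <input type="hidden" name="set_captcha" value="<?php echo htmlspecialchars($captcha, ENT_QUOTES); ?>">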
    <table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
            <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_contact_us.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td>
	  <table cellpadding="10" cellspacing="10">
             <tr>
               <td><?php echo STORE_CONTACT_ADDRESS; ?></td>
             </tr>
             <tr>
               <td><?php echo STORE_CONTACT_NUMBER; ?></td>           
             </tr>
	  </table>
        </td>
       </tr> 
<?php
  // Validation messages queued by the send handler above ('contact' bucket).
  if ($messageStack->size('contact') > 0) {
?>
      <tr>
        <td><?php echo $messageStack->output('contact'); ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
<?php
  }

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>
      <tr>
        <td class="main" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_SUCCESS; ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  } else {
?>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
          <tr>
            <td class="inputRequirement">* Required information</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td class="main" align="right" width="130"><?php echo ENTRY_NAME; ?></td>
                <td class="main"><?php echo tep_draw_input_field('name', '', 'style="width: 250px"') . '&nbsp;' . (tep_not_null(ENTRY_EMAIL_ADDRESS_TEXT) ? '<span class="inputRequirement">' . ENTRY_EMAIL_ADDRESS_TEXT . '</span>': ''); ?></td>
              </tr>
              <tr>
                <td class="main" align="right" width="130"><?php echo ENTRY_EMAIL; ?></td>
                <td class="main"><?php echo tep_draw_input_field('email', '', 'style="width: 250px"') . '&nbsp;' . (tep_not_null(ENTRY_EMAIL_ADDRESS_TEXT) ? '<span class="inputRequirement">' . ENTRY_EMAIL_ADDRESS_TEXT . '</span>': '') ?></td>
              </tr>
              <tr>
                <td class="main" align="right" width="130"><?php echo CONTACT_PHONE; ?></td>
                <td class="main"><?php echo tep_draw_input_field('phone', '', 'style="width: 125px"') . '&nbsp;' . (tep_not_null(ENTRY_EMAIL_ADDRESS_TEXT) ? '<span class="inputRequirement">' . ENTRY_EMAIL_ADDRESS_TEXT . '</span>': '') ?></td>
              </tr>
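              <tr>
                <td class="main" align="right" width="130"><?php echo ENTRY_SECURITY; ?></td>
                <td class="main"><?php
                  // On a rejected answer the field is drawn with the trailing
                  // false argument, presumably a "do not reload the posted
                  // value" flag; otherwise the posted answer is kept, which is
                  // how a correct code survives other validation errors.
                  // NOTE(review): the empty 4th argument in that branch
                  // presumably lands in the input's type attribute -- confirm
                  // against tep_draw_input_field and pass 'text' if so.
                  echo ($securitycode_error ? tep_draw_input_field('security', '', 'style="width: 80px"', '', false) : tep_draw_input_field('security', '', 'style="width: 80px"')) . '&nbsp;' . (tep_not_null(ENTRY_EMAIL_ADDRESS_TEXT) ? '<span class="inputRequirement">' . ENTRY_EMAIL_ADDRESS_TEXT . '</span>': '');
                ?></td>
              </tr>
              <tr>
                <td class="main" align="right" width="130">&nbsp;</td>
                <td class="main"><?php
                  // The image script receives the encrypted code (presumably
                  // decrypting it with the same key), never the answer.
                  // $captcha is base64url text, so the escaping is a no-op
                  // today and is there as defence in depth for the attribute.
                  // NOTE(review): "Enter security code above" is the one label
                  // here not taken from the language file.
                  echo '<img src="' . htmlspecialchars(DIR_WS_HTTP_CATALOG . DIR_WS_IMAGES . 'captcha.php?code=' . $captcha, ENT_QUOTES) . '" alt="captcha image" align="middle" />';
                ?>&nbsp;&nbsp;&nbsp;Enter security code above</td>
              </tr>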
              <tr>
                <td class="main" align="right" width="130"><?php echo ENTRY_ENQUIRY; ?></td>
                <td class="main"><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15); ?></td>
              </tr>                                                                                                                             
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
                <td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
<?php
  }
?>
    </table></form></td>
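<?php
/*
  Right-hand column intentionally not rendered on this page.

  It was previously wrapped in an HTML comment, but PHP tags inside an HTML
  comment still execute: column_right.php was required on every request and
  its complete output was written into the page source, merely hidden from
  the browser's rendering.  A PHP comment is used instead so nothing runs or
  is emitted.  To restore the column, add after the form cell:

    <td>&nbsp;</td>
    <td width="BOX_WIDTH" valign="top"><table border="0" width="BOX_WIDTH" cellspacing="0" cellpadding="0">
    (require DIR_WS_INCLUDES . 'column_right.php' here)
    </table></td>
*/
?>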
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
